Commercial software is typically protected from unauthorized copying and redistribution via Digital Rights Management (DRM) techniques embodied in the application software itself. Many DRM systems are designed to limit the use of the application to the first computer on which it is installed, rendering additional copies of the software unusable. Other approaches, such as watermarking, simply provide a means of identifying copied software, providing clear evidence that can be used in taking legal action against users of illegal copies.
The main limitation of software-based DRM is that, although a particular protection scheme may be very sophisticated and difficult to defeat, the entire system can be compromised if and when anyone develops a “crack” for the system and publishes the results, e.g. on the Internet. The designer of the DRM system faces the incredibly difficult task of devising a system that no one in the world can defeat during the expected commercial lifetime of the protected software; prospective software “pirates” need only wait and search the Internet until some clever hacker wins this one-sided contest.
The “dongle” was devised to address this problem by implementing part of the DRM system in custom hardware. This makes it more difficult to defeat any given instance of the DRM (e.g. a single copy of a protected application) and, at the same time, can greatly limit the damage if a particular copy of the application is cracked.
Wikipedia, the free encyclopedia, provides the following definition of a dongle:
“In the computer industry, the word dongle can refer to a small hardware device that connects to a computer to act as authentication for some piece of software. This was its primary meaning in the 1980s and 1990s. When the dongle is not present, the software runs in a restricted mode or refuses to run. Dongles are used by some proprietary vendors as a form of copy prevention or digital rights management because it is much harder to copy the dongle than to copy the software it authenticates.”
Successful hardware-based attacks on dongle systems have been demonstrated, and it is important to use the lessons learned from these attacks to minimize this risk; but methods used in these attacks are sophisticated enough that even with a published “recipe” for defeating a particular dongle design, very little market share for the legitimate application would actually be lost to the set of potential users who are willing and able to follow the procedures involved. For example, see:
“Attacks on and Countermeasures for USB Hardware Token Devices” (http://www.grandideastudio.com/files/security/tokens/usb_hardware_token.pdf) (PDF) Joe Grand, Grand Ideas Studio, Proceedings of the Fifth Nordic Workshop on Secure IT Systems Encouraging Co-operation, Reykjavik, Iceland, Oct. 12-13, 2000, pp 35-57, ISBN 99799483-0-2
This article, which is also referenced in the Wikipedia entry on dongles, illustrates both some of the hardware tactics that were effective against dongle technology of the 1990s and the degree of technical sophistication required in order to use these tactics—even with the aid of step-by-step instructions. It is questionable if even the early-model dongles, which could be hacked by the methods described above, could easily have been circumvented to the extent of supporting large-scale distribution of illegally copied applications. Given the testing and analysis provided by analysts such as Joe Grand, considerably stronger protection could have been provided by dongle technology. But a solution can only be effective if it is accepted in the marketplace.
Although dongles have provided a strong implementation of DRM, this technology is no longer used to any significant extent. To the end user, the dongle represented an additional complication: a new device had to be attached to the computer for each protected application in use, and the loss of a dongle rendered its application unusable. And while the dongle provided a clear anti-piracy benefit to the software provider, it provided the end user with no direct benefits to compensate for its inconveniences. In principle, the dongle is a highly effective system for IPR protection; in reality, this “solution” provides no protection for any application in the market.
There are three main types of Remote Activation Systems currently in use: Remote Activation by Internet once; Remote Activation with periodic “phone home” functions; and Continuous Remote Activation.
The most common type of Remote Activation only requires the user to activate once by Internet or even by a telephone call. When a user installs the program, it asks the user to activate it via the Internet. The activation server checks the serial number and possibly other things, such as the number of valid licenses on that serial number, ties the activation to that computer by associating it with the computer's hardware state ID, and possibly checks the validity of the CD in the drive, etc. Once the Remote Activation server is convinced that the installation is valid, it removes a time and/or program feature restriction. Almost all programs also allow people who lack an Internet connection to activate the program remotely by placing a telephone call. A user can call a help line and give the help desk operator information such as a serial number, and in addition might tell the operator a unique ID generated by the program. The help desk operator then gives the user a series of steps, which would include entering another series of numbers that was generated by the help desk operator's computer and which will activate the program. This type of activation is susceptible to the same types of attack that Software-Based Digital Rights Management schemes are vulnerable to:
The use of “cracks” that will remove the restrictions of the program without having to activate it
The use of serial number generators and/or serial number lists that will fool the Remote Activation Server into thinking it is a valid copy
The use of help desk activation number generators that reproduce the activation number that a user would have gotten from the help desk operator
A slightly more advanced version of Remote Activation is to have the program require activation upon installation and then go on the Internet and “phone home” to check against an updated serial number list, check hash marks of key files of the program to see if the program was altered, and the like. This is usually done in connection with updates. A common method of defeating this tactic is disabling the update feature on the program and/or programming a firewall to stop that particular program from accessing the Internet. Again, “cracks” are commonly used on these programs—in this case to eliminate the “phone home” function of the program. Finally, some applications can be run effectively on computing devices that have no connection to the Internet and therefore have no access to a “phone home” protection capability.
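The server-side checks described in the two paragraphs above (serial lookup, license count, binding to a hardware state ID, then a later “phone home” with a serial list and file-hash check) can be sketched as follows. This is an added illustration, not code from the original text or from any product; the key, serial, hardware IDs, file name and function names are all constructed for the example.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"   # assumption: known only to the server
LICENSES = {"SN-1001": 2}              # serial -> seats purchased (constructed)
KNOWN_GOOD = {"app.bin": hashlib.sha256(b"release build").hexdigest()}
activations = {}                       # serial -> set of bound hardware IDs


def _token(serial, hw_id):
    """Activation token: HMAC over serial and hardware ID under the server key."""
    msg = f"{serial}|{hw_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def activate(serial, hw_id):
    """One-time activation: check serial and seat count, then bind to hw_id."""
    if serial not in LICENSES:
        return None                    # serial is not on the issued list
    bound = activations.setdefault(serial, set())
    if hw_id not in bound:
        if len(bound) >= LICENSES[serial]:
            return None                # every licensed seat is already bound
        bound.add(hw_id)
    return _token(serial, hw_id)       # same machine re-activating gets same token


def phone_home(serial, hw_id, token, file_hashes, revoked=()):
    """Periodic check: updated serial list, token binding, file integrity."""
    if serial in revoked or hw_id not in activations.get(serial, ()):
        return "deny"
    if not hmac.compare_digest(token, _token(serial, hw_id)):
        return "deny"                  # token was issued for a different machine
    for name, digest in KNOWN_GOOD.items():
        if file_hashes.get(name) != digest:
            return "tampered"          # a key program file was altered
    return "ok"
```

All of these checks run on the server, so they only take effect while the client still makes the call, which is the weakness the surrounding text describes.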
With the introduction of “always on” Internet connection services, a new form of DRM was introduced that did not require the end user to keep track of new hardware devices. Continuous remote activation systems, like dongle technology, provide most of the code for the protected application in a clear, easily-copied format, and DRM is supported by modifying this clear code in such a way that it can only operate properly through a continuing series of interactions with algorithms and data that are hidden to the application user. In a continuous remote activation system, these enabling resources are provided from a remote server, typically over the Internet. Continuous remote activation systems can provide an excellent level of DRM protection, and they demonstrated the viability of supporting DRM simply through the requirement of occasional short interactions with an enabling control element.
Today, however, continuous remote activation has followed dongles into disuse. Drawbacks to the remote activation approach include the need to maintain a constant Internet connection, and the dependency of all protected applications on the performance and reliability of the data connection (unpredictable) and the activation server (which presents issues of scalability and reachability, and introduces a business dependency on the long-term success of the company that operates the remote activation server).
The present invention (referred to hereinafter as the Integrated Distribution and Protection Device (“IDPD”)) combines the basic design principle of the dongle with the compact external storage capability of an NV-RAM thumb drive. It is also capable of providing a scalable implementation of activation algorithms—with a local rather than remote activation engine, providing a guarantee of extremely low latency. It is a unique combination of prior inventions, which solves problems that none of the earlier systems could have solved alone, and addresses a long-felt need in the marketplace.